Latest updates here: https://github.com/azure-ad-b2c/custom-policy-manager
This is a sample management tool for Azure AD B2C custom policies. Custom policies let you customize every aspect of the authentication flow, and this tool manages the policy XML files through the Microsoft Graph trust framework policy API.
This sample demonstrates the following:
- Create a custom policy
- Update a custom policy
- Delete a custom policy
- List all custom policies
This sample requires the following:
- A Global Administrator account in the B2C tenant (for example admin@myb2ctenant.onmicrosoft.com). It is needed both to run the admin-level operations and to consent to the permissions the application requests.
NOTE: The trust framework policy API only accepts user (delegated) tokens, not application tokens. See Delegated Permissions below.
- Sign in to the Azure Portal using your Global Admin account.
- Select your Azure AD B2C directory from the directory filter.
- Select the Azure Active Directory blade.
- Select App registrations and create a new application.
- Select the type Native, enter the redirect URI https://b2capi.com, and create the app.
- Select Settings - Required Permissions - Add - Select an API, and choose the Microsoft Graph API.
- Select the delegated permission Read and write your organization's trust framework policies (Policy.ReadWrite.TrustFramework).
- Click Save, then click Grant Permissions so that admin consent is recorded for the tenant.
- Open and build the solution in Visual Studio.
- Run the application:
  a. Set the Tenant to your B2C tenant: something.onmicrosoft.com
  b. Set the V1 Graph App Id field to the Application Id of the app registration created in the Azure AD blade.
  c. Set the B2C Application Id to the App Id of an app registration created in the Azure AD B2C blade.
  d. Set the Reply URL to a valid Reply URL configured on that Azure AD B2C app registration.
- Click Login and sign in with the Global Admin of your B2C tenant. The account must be in the format user@something.onmicrosoft.com.
After logging in, any custom policies registered in the Identity Experience Framework at the portal or uploaded by this tool will be listed.
Select a Policy Folder that contains your XML files to upload them.
You can also open the working folder in VSCode by clicking Open Folder in VSCode.
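The folder upload described above, as an added example in Python rather than code from this sample or from Microsoft: it reads each policy file, pulls the PolicyId and the BasePolicy reference out of the XML, orders the uploads so that every base policy is sent before the policies that build on it (the Identity Experience Framework rejects a policy whose base is not yet in the tenant), and builds the Graph requests the tool would issue. The beta trustFramework/policies endpoint, the contoso tenant and the three minimal policy documents are assumptions constructed for the example.

```python
# Added example: not code from the custom-policy-manager sample. It shows what
# "upload a policy folder" has to do: read each policy file, pull PolicyId and
# BasePolicy out of the XML, and order the uploads so that every base policy is
# sent before the policies that depend on it. The Graph endpoint and the three
# sample policy documents are assumptions constructed here.
import xml.etree.ElementTree as ET
from pathlib import Path

TF_NS = {"tf": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}
# Assumed Graph endpoint for trust framework (custom) policies.
GRAPH_POLICIES = "https://graph.microsoft.com/beta/trustFramework/policies"


def policy_ids(xml_text):
    """Return (PolicyId, BasePolicy id or None) for one custom-policy document."""
    root = ET.fromstring(xml_text)
    policy_id = root.get("PolicyId")
    if not policy_id:
        raise ValueError("TrustFrameworkPolicy element has no PolicyId attribute")
    base = root.find("tf:BasePolicy/tf:PolicyId", TF_NS)
    base_id = base.text.strip() if base is not None and base.text else None
    return policy_id, base_id


def upload_order(bases, already_in_tenant=()):
    """bases maps PolicyId -> BasePolicy id (or None). Returns the PolicyIds with
    every base before its dependents. Raises if a base is neither in the folder
    nor already in the tenant, or if the BasePolicy references form a cycle."""
    order, placed = [], set(already_in_tenant)
    pending = dict(bases)
    while pending:
        ready = [pid for pid, base in pending.items() if base is None or base in placed]
        if not ready:
            raise ValueError(f"unresolvable BasePolicy references: {sorted(pending)}")
        for pid in sorted(ready):  # sorted only to make the order deterministic
            order.append(pid)
            placed.add(pid)
            del pending[pid]
    return order


def plan_uploads(documents, already_in_tenant=()):
    """documents maps file name -> XML text. Returns the Graph requests to send,
    in order: each policy is PUT as application/xml to .../{PolicyId}/$value."""
    by_id, bases = {}, {}
    for name, text in documents.items():
        pid, base = policy_ids(text)
        if pid in by_id:
            raise ValueError(f"{name}: PolicyId {pid} is already defined in another file")
        by_id[pid], bases[pid] = text, base
    return [{"method": "PUT",
             "url": f"{GRAPH_POLICIES}/{pid}/$value",
             "headers": {"Content-Type": "application/xml"},
             "body": by_id[pid]}
            for pid in upload_order(bases, already_in_tenant)]


def read_policy_folder(folder):
    """Load every *.xml file in the folder the user selected in the tool."""
    return {p.name: p.read_text(encoding="utf-8") for p in sorted(Path(folder).glob("*.xml"))}


def _policy(policy_id, base_id=None):
    # Constructed, minimal policy documents; real ones carry the full schema.
    base = (f"<BasePolicy><TenantId>contoso.onmicrosoft.com</TenantId>"
            f"<PolicyId>{base_id}</PolicyId></BasePolicy>" if base_id else "")
    return ('<?xml version="1.0" encoding="utf-8"?>'
            f'<TrustFrameworkPolicy xmlns="{TF_NS["tf"]}" TenantId="contoso.onmicrosoft.com" '
            f'PolicyId="{policy_id}">{base}</TrustFrameworkPolicy>')


SAMPLE_FOLDER = {  # constructed; deliberately listed in the wrong order
    "SignUpOrSignin.xml": _policy("B2C_1A_signup_signin", "B2C_1A_TrustFrameworkExtensions"),
    "TrustFrameworkExtensions.xml": _policy("B2C_1A_TrustFrameworkExtensions", "B2C_1A_TrustFrameworkBase"),
    "TrustFrameworkBase.xml": _policy("B2C_1A_TrustFrameworkBase"),
}

if __name__ == "__main__":
    for req in plan_uploads(SAMPLE_FOLDER):
        print(req["method"], req["url"])
```

Pass the PolicyIds the tool already lists for the tenant as already_in_tenant when uploading only an extension or relying-party file, otherwise the missing base is reported before anything is sent.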
Questions about this sample should be posted to Stack Overflow. Make sure that your questions or comments are tagged with [azure-ad-b2c].
If you'd like to contribute to this sample, see CONTRIBUTING.MD.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
The sample uses the Active Directory Authentication Library (ADAL) for authentication and demonstrates delegated admin permissions; application (app-only) permissions are not supported by this API yet. ADAL has since been deprecated in favour of the Microsoft Authentication Library (MSAL), so new code should use MSAL, but the permission model described here is unchanged.
Delegated permissions are used by apps that have a signed-in user present (in this case the tenant administrator). Either the user or an administrator consents to the permissions the app requests, and the app is then delegated permission to act as the signed-in user when calling Microsoft Graph, so it can never do more than that user could. Some delegated permissions can be consented to by non-administrative users, but higher-privileged permissions such as the trust framework policy permission require administrator consent.
See the Microsoft Graph documentation on Delegated permissions, Application permissions, and effective permissions for more information about these permission types.
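To make the "user tokens only" rule concrete, here is an added example in Python (not code from this sample): it decodes the claims of the access token ADAL returned and reports why the policy API would refuse it, checking that the token is for Microsoft Graph, that it carries a scp claim (a delegated token; app-only tokens put their application permissions in roles and have no scp) and that the scope Policy.ReadWrite.TrustFramework, the Graph name of the permission selected in the portal, was actually granted. It only decodes the payload and does not verify the signature; Graph does that on its side. The tokens, tenant and user in the example are constructed.

```python
# Added example: not code from the custom-policy-manager sample. Before calling
# the trust framework policy API with a token ADAL returned, check locally that
# it is a delegated (user) token carrying the scope granted in the portal. This
# only decodes the payload; it does not verify the signature, which Microsoft
# Graph does on its side. The tokens below are constructed for the example.
import base64
import json

# Delegated permission "Read and write your organization's trust framework policies".
REQUIRED_SCOPE = "Policy.ReadWrite.TrustFramework"
# Microsoft Graph appears as either its URI or its well-known application id in aud.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(jwt):
    """Return the payload claims of a compact JWT without verifying it."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def delegated_token_problems(jwt):
    """Return the reasons this token would be refused by the policy API (empty = usable)."""
    claims = token_claims(jwt)
    problems = []
    if claims.get("aud") not in GRAPH_AUDIENCES:
        problems.append("aud is not Microsoft Graph")
    if "scp" not in claims:
        # App-only tokens carry application permissions in 'roles' and have no 'scp';
        # the trustFramework API needs a signed-in user, so such a token is refused.
        problems.append("no scp claim: this is an application token, not a user token")
    elif REQUIRED_SCOPE not in claims["scp"].split():
        problems.append(f"scp lacks {REQUIRED_SCOPE}: the permission was not requested or not consented")
    return problems


def _encode_segment(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


def _fake_token(claims):
    # Constructed, unsigned token for the example; never accept such a token in production.
    return f"{_encode_segment({'alg': 'none', 'typ': 'JWT'})}.{_encode_segment(claims)}."


USER_TOKEN = _fake_token({"aud": "https://graph.microsoft.com", "tid": "contoso-tenant-id",
                          "upn": "admin@contoso.onmicrosoft.com",
                          "scp": "Policy.ReadWrite.TrustFramework User.Read"})
UNCONSENTED_TOKEN = _fake_token({"aud": "https://graph.microsoft.com", "tid": "contoso-tenant-id",
                                 "upn": "admin@contoso.onmicrosoft.com", "scp": "User.Read"})
APP_TOKEN = _fake_token({"aud": "https://graph.microsoft.com", "tid": "contoso-tenant-id",
                         "roles": ["Policy.ReadWrite.TrustFramework"]})

if __name__ == "__main__":
    for name, tok in (("user token", USER_TOKEN), ("unconsented", UNCONSENTED_TOKEN), ("app token", APP_TOKEN)):
        print(name, delegated_token_problems(tok) or "ok")
```

Run this check on the token before the first Graph call: a missing scope is the usual symptom of skipping Grant Permissions in the portal, and a roles-only token means the client was acquired with application credentials rather than through the interactive login.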